Random Thoughts – Randocity!

How to fix Touch ID purchasing after Apple ID unlock

Posted in Apple, botch, california by commorancy on August 14, 2018

Touch ID App store purchasing no longer works after your Apple ID is unlocked? How do you get it working again? Let’s explore.

Apple ID Locked

I’ve recently begun having problems with Apple locking my Apple ID account about every 3 weeks with no explanation. After I’ve unlocked my account, I find that the App store app refuses to use Touch ID and forces entry of my password to download an app. Hey Apple, I set up Touch ID so I don’t have to type in a password.

I’ve called Apple twice about this problem and they are of no help. I had to figure this one out on my own. Thanks Apple… not!

Not only does Apple have no logs to determine why the account is locked, they simply don’t care about this problem. Their login system has become shit in the last few months beginning in June of 2018. I have no explanation for this lockout problem except that Apple needs to get their shit together. I’ve never had this problem before this point. Anyway, once an Apple ID is locked, you’ll need to unlock it to proceed cleaning up the mess Apple leaves behind.

Note, I have no problems unlocking my account. In fact, it takes about 5 minutes or less. However, there’s a bunch of crap to do to clean up Apple’s mess.

Unlocking an Apple ID

To unlock your account, go to appleid.apple.com. Note, I have chosen not to linkify in the address in this article for security reasons. This is why it’s not clickable in this paragraph.

Instead, simply select the text => appleid.apple.com . Then copy and paste it into your browser’s address bar. Or better, type it into your browser’s address bar manually. Next, browse to this destination. Because this is Apple’s security site which manages your Apple ID security settings, I urge you to make sure you type it in exactly and carefully. If you mistype this address, it’s possible that you could land on a malicious web site that looks identical to Apple’s site and which could collect your Apple ID and password. Alway be cautious, alert and careful when visiting sites which manage the security of your account(s). Here are the steps to get you started:

  • Once you’re on the Apple ID site, under the ‘Manage your Apple account’ text, enter your Apple ID username and click the arrow pointing right →
  • Now enter your current password and click the arrow →
  • It will tell you your account is locked
  • At this point, follow the prompts to unlock your account

You’ll need to need to know the following info (as of 2018) to unlock your account:

  • Birthdate
  • Answers to the security questions you set up previously

This section assumes you have not set up two-factor authentication. You can choose to unlock by email or by answering security questions. It’s up to you which path to follow. Whichever path you choose, complete the process to unlock your Apple ID. After unlocking, here’s where the fun begins. /sarc

If you can’t remember your security questions or birthdate, you’ll need to contact Apple Support and request for them to help you with unlocking your Apple ID. If you have set up two-factor authentication (2FA), you will need to know your recovery key. If you’ve lost you recovery key and access to your trusted device after setting up 2FA, you’re out of luck. If you have access to your trusted device, Apple can send you a text to finish the unlocking process. You cannot recover your Apple ID when using 2FA if you have lost the recovery key and lost access to your trusted device. For this reason alone, I cannot recommend setting up 2FA on your Apple ID. Stick with a strong password and avoid 2FA.

Note, I strongly recommend unlocking your account via this web browser method only. Even if your iPhone or iPad prompts to unlock your account directly on your device, don’t. Do not rely on the methods built into iOS devices as I have found them to be problematic and unreliable. Using the browser method, you will have no troubles.

Account Unlocked / Touch ID problems

Once your account is unlocked, you’ll find that all devices that were formerly logged into this account will have been force logged out. This force logout method is different than the method you would use to logout on the device. If you log out of the device, you will be prompted for both the account name and the password. With Apple’s force logout due to a lock, you are only required to reenter your password. Your login ID will be remembered and cached.

An account lockout wreaks havoc on certain features in iOS like Touch ID. Because the account was force logged out, then unlocked, Touch ID will fail to work on both the Music and the App store app. As I said above, you’ll find that the App store now prompts you to enter your password rather than using Touch ID.

Worse, you can go to settings and clearly see that Touch ID is still enabled for the App store app, but it is not working. This is demonstrably a bug that Apple simply won’t fix. How do we resolve this? Let’s continue.

Fixing Touch ID in the iTunes and App store app after a lockout

Here are the steps to fix this problem:

  • Kill the Music and App store apps on your iOS device. DON’T SKIP THIS STEP. You do this by double clicking the home button. Then scroll through the apps running, then drag the app up to the top of the screen with your finger until it disappears from the list. This will kill that app. It’s always a good idea to periodically kill all running apps on your phone to improve performance. Be sure to kill the App store app before proceeding. If you have many apps in the list to scroll through, you can bring the app to the front of the list easily by launching the app before trying to kill it.
  • Once the apps are killed, proceed to the Home screen and touch the Settings app
  • Scroll down to Touch ID & Passcode and touch it
  • Enter your pincode (if requested)
  • This is the screen you’ll see next
  • On this screen, you’ll see the iTunes & App store is already enabled (green). This setting is a lie. After a force lock and unlock, Apple automatically disables this feature internally even though the button shows green and enabled. That this button remains enabled is a bug and is the reason Touch ID doesn’t work.
  • Click the green slider button next to iTunes & App Store to disable this setting.
  • Wait for a moment for this to register and turn grey, like so 
  • Now, click it a second time to re-enable it. This time, it will prompt you for your Apple ID password.
  • Enter your current Apple ID password in the password prompt
  • Wait for the button to do a little jig before leaving this screen. The jig is described like so: the button starts off green, then turns grey for a moment, then slides back to green. This jig confirms that Touch ID for the App store is now truly enabled
  • Exit to the home screen and launch the App store app
  • Browse to any free app in the store and click ‘Get’. Touch ID should now prompt you for your fingerprint instead of prompting for your password.

If you skip killing the apps where I asked you to do that, you’ll find that the App store app still prompts for a password. The reason for this is that the App has cached the forced logout. To break that cache, you perform all of the steps described above. Following the order of these steps is important.

If you leave the App store app running when you reset the Touch ID settings, you’ll find that the password prompt problem remains. You may find that killing and relaunching the app even after resetting the Touch ID after-the-fact also won’t work. That’s why the order the steps is important.

Stupid Problems, Debugging and Network Settings

Problems this stupid shouldn’t exist on iOS devices, but here we are. I’ve already discussed this issue with Apple Support, but they simply won’t do anything about it. In fact, because this problem was formerly a rare occurrence, Apple Support isn’t even aware of this workaround.

In fact, while on the phone, Apple Support “recommended” that I reset my network settings. Never reset network settings as a first step. Resetting network settings should be the absolute last step and only when nothing else resolves a problem. The difficulty with resetting network settings is that it wipes all iCloud stored network passwords and access point information, like WiFi passwords. Not only does it wipe all WiFi networks and passwords on iCloud for the device where you wiped network settings, it wipes it for every device also using iCloud. This means if your Apple ID is being used on a MacBook, an iPhone, an iPad, an iPod or any combination of several of these devices, you’ll have to reinter the password on every device manually. It will also have forgotten all of the access points that iCloud formerly knew. Each new device will need to relearn them all.

You can somewhat solve this problem by first signing your device out of iCloud before wiping network settings. However, when you log your device back into iCloud, it might still wipe some settings from iCloud once logged back in and synced with iCloud. Be cautious with doing this.

I’ve been there and done that. This is a pain-in-the-ass. If Apple Support ever requests you to wipe network settings, tell them politely but firmly, “No.” Then state, “I only wipe network settings as a last ditch effort. Let’s exhaust all other workarounds and possibilities first.”

Wiping network settings usually only resolves actual networking problems, such as the phone refusing to connect to a WiFi access point. Touch ID has nothing to do with networking. Be wary of Support Team members requesting you to wipe network settings to help resolve non-network problems. The last thing you want to do is spend hours fixing all of your other devices in addition to not resolving the original problem. The Apple Support team is very good at causing more problems without actually solving the original problem. It is up to you to always exercise your best judgement to prevent Apple Support slip ups.

I really wish that Apple would just fix these stupid bugs. I also wish that they would tell me why my account keeps getting locked out.

↩︎

Shopping Frustration: When coupon codes don’t work

Posted in shopping by commorancy on September 4, 2012

Nothing is more frustrating during online shopping than when e-tailers send out a coupon code for a one day sale that doesn’t work.  I have to wonder, are these sites just stupid, clueless or technically inept?  Let’x explore.

Holiday Shopping Spree

If you’re like me, I tend to shop for things when people send me coupon codes.  Specifically, I shop when things are wearing out. I try to make sure these purchase times match up when coupon codes are available.  So, I like to wait for sale days like Memorial Day, President’s Day or, like today, Labor Day.  So, I’m happy when companies where I like to shop send me a 20% or 30% off coupon.  I generally like to take advantage of these deals because they don’t appear that frequently and I can shop for clothes that are wearing out.

Clickable Ad Banners in Email

Unfortunately, many of these e-tail sites are so inept or mismanaged that they email out the code but they forget to activate the code.  Sometimes they deactivate it too early.  Worse, they send an email with a big clickable banner ad describing this ‘Sale’ that, when you click, takes you to their home page and not to the sale items that apply to the code.  This action leaves you wondering what the heck is actually on sale?   One word comes to mind: inept.  Retailers, this is a seriously stupid practice.  If you send out an email that you’re having a 20% off sale, a click should immediately take you to the sales item(s).  Don’t make your customers guess what’s on sale.   In the case where I am taken to the front page, I close the browser, delete the email and move on.  Sorry, you’ve just lost a sale and I simply won’t shop there.  I know I’m not alone in this.  A lot of people fill their carts and either abandon the cart or clear it out because of stupid things like coupon codes that don’t work.

Coupon Codes that Don’t Work

I’ve had many times where some company sends me a coupon code that when you type it into the cart and click ‘Apply’, the message says ‘This coupon is not valid’ or ‘This coupon does not apply to the items in your cart’.  This goes back to the above issue.  If you’re planning to issue a coupon code and spend the time and effort to email your email list with this code, you damned well better test that code to make sure it works and you damned well better make sure the customers know to which items the code applies.  Don’t make your customers guess.  Additionally, for 24 hour sales, you should make also sure that code works until midnight.  And by this I mean, make sure it works until midnight of the customer’s timezone, not just your company’s timezone. That coupon should not expire at midnight your company’s timezone time as that could be midday in some locales. The code should expire at midnight wherever your shopper resides or better, expire it the following day sometime during the day to prevent expiration before the day is over for every customer and also lets late customers take advantage.  After all, isn’t the idea behind a coupon code to get people into your site to purchase?

Customers walking away

Making stupid moves like not activating coupons, deactivating them early or making your customers guess as to what merchandise the coupon applies is just a stupid practice.  You probably think I’m talking about small mom-and-pop shops here.  No, these are well known well respected companies that are making these most basic mistakes, like Jockey, Tommy Bahama and Zagg.

Nothing is more frustrating than filling up your cart with merchandise expecting to use a coupon code only to find that it doesn’t work.  Or, worse, not finding the merchandise to which the sale or coupon applies.  In these cases, I empty the cart, close the browser window and delete the email.  If these companies do this more than once,  I remove myself from their email list as it’s quite clear that these companies do not have their act together.  Which, if you think about it, is completely odd.  These are retailers in business to make money.  If you’re planning to offer a sale that uses a coupon code and that code doesn’t work, do you really think people are going to pay full price anyway?  No.  Selling your merchandise is your bread and butter and if you want people to buy your stuff, then you need to make sure your email ads reflect the reality of your site.  If it doesn’t work, then you have even more serious issues on your hands, not the least of which might be considered fraud.

Amazon Better?

I just don’t understand this practice.  This is why Amazon is kicking butt.  With Prime, you get 2 day shipping included and the best price without hassling with coupon codes.  Sure, you might be able to find it slightly cheaper at some mom-and-pop shop.  But, the hassle of setting up a new account and dealing with yet more email that can’t do it right outweighs the few pennies of savings you might get from that mom-and-pop shop.  So, I always find myself back at Amazon buying, at least for hassle-free purchasing.  I don’t want to deal with coupon codes that don’t work, sites that don’t specify what’s on sale or silly stupid problems like this.

For those sites that do this, fix your sites or lose the sale and be trampled by Amazon.  It’s quite simple.

Stupid Security Measures: autocomplete=off – How To Turn Off or Disable

Posted in banking, security, technologies by commorancy on April 16, 2012

While I’m all for some browser related security, this one feature is completely asinine because it’s so unpredictable, uncontrollable and stupidly implemented. This is the complete opposite anyone should expect from a quality user experience. Let’s explore.

What is auto-completion?

Most browsers today will automatically fill forms and password fields from locally saved browser login and password information (usually the field is yellow when automatically filled). This is called autofill or autocompletion. While I admit that storing passwords inside a browser is not the smartest of ideas, specifically if it happens to be connected to your bank account. With that said, it is my choice. Let me emphasize this again loudly. Saving passwords IS MY CHOICE! Sorry for yelling, but some people just don’t listen or get this… hello Chrome, Firefox and IE, you guys (especially Chrome) need to take notes here.

So what’s this autocomplete=off business?

As a result of autocompletion, the browser creators have decided to give web site creators the ability to disable this mechanism from within their own web pages. So, when they create forms, they can add the tag “autocomplete=off” to the form which prevents the browser from storing (or offering to store) passwords or other sensitive information. This is fine if the browser would give the user the choice still. It doesn’t.

I’m fine with browsers trying to prevent stupid behavior from users, but always provide an override. Never implement features like this, however, at the expense of a frustrating and inconsistent browser experience. This is exactly what autocomplete=off does. Why? The browser doesn’t give the user control over this web page mechanism nor does it even warn of it. If the site sets this flag on their form, the browser won’t offer to store anything dealing with this form. That’s fine IF I can disable this behavior in the browser. I can’t. As I so loudly said above, this is MY choice. Make this a preference. If I want to store logins and passwords for any site on the Internet, it’s my choice. This is not Chrome’s choice or Wells Fargo’s choice or any other site’s choice. If you offer to store and save passwords, you need to let me do it under all conditions or don’t offer to do it at all. Don’t selectively do it based on some random flag that’s set without any warning to the user.

Inconsistent Browser Experience

When autocomplete=off is set on a form, there is no warning to the user that this value is set. The browser just doesn’t save the password. You have no idea why, you don’t know what’s going on. You expect the browser to offer to save and it doesn’t. This just makes the browser look broken. And, frankly, it is. If the browser can’t warn that autocomplete=off is set by the site through changing the color of the bar, flashing, an icon or some other warning mechanism (like the lock when https is in use) the user experience has been compromised and the browser is broken. This affects not only Chrome, but IE, Safari and Firefox. Yes, and this is extremely bad browser behavior. It’s also taking a step back in time before web 2.0 when the browser experience became more positive than negative. We’re heading back into negative territory here.

Browser Developers Hear Me

Not warning the user that the experience is about to change substantially is not wanted behavior. For auto-completion, we already have mechanisms to shut it off entirely. We have mechanisms to exclude sites from saving credentials. Why do we need to change the browser experience just to satisfy Wells Fargo or some other site? I’m all for letting these sites set this flag, but just like overriding bad certificates at https sites, users should be able to override autocomplete=off. There is no need to break the browser experience because you want to allow sites stop saving of passwords. No, again, hear me, it’s MY CHOICE. It’s not your choice as a developer. It’s not Wells Fargo’s choice. It’s not PayPal’s choice. It’s MY CHOICE. If I want to save passwords into my browser, allow me t0 always override this setting.

Hacks Galore

Yes, there are browser hacks available as browser extensions (Chrome or Firefox) to disable autocomplete=off on forms on sites. While these hacks work, they require updating, can break on browser updates and can be generally problematic under some conditions. No, this is an issue that firmly needs to be addressed in the core browser, not through clever browser add-on hacks. Let the sites set autocomplete=off, that’s fine. But, warn me that it’s turned on and let me override it. I shouldn’t need a hack to fix a bug in the browser.

Always Warn of Browser Experience Changes

Why am I going down on this issue so hard? Because this is a completely crappy implementation of this feature. Why? Because it breaks the user’s browsing experience without any warning. If this the page is attempting to prevent me from saving credentials, then this information should be marked clearly in the browser somewhere. Perhaps by adding a special icon to the address bar indicating that credential saving is not allowed on this site. Then, when I click that small icon, I should be able to override this behavior immediately. Again, this is my choice to store or not store passwords to the browser. There should never be any defacto security mechanisms which cannot be overridden by a user control. Never!

If the user chooses to do something stupid, that’s the user’s choice. No, it’s not a bank’s, chrome’s or any other company’s responsibility to ensure the safety of user data. It’s entirely the user’s responsibility and those choices should be completely left up to the user to decide, for better or worse.

[Update] Safari is now warning when autocomplete=off is set on a page. Safari now tells you that the site you are visiting doesn’t allow saving of passwords. Bravo to at least Apple for getting this one right.

I have also found that Firefox with the Greasemonkey plugin and this Greasemonkey script works best for completely disabling all pieces of autocomplete=off.  While the above plugins do at least allow saving passwords, the plugins don’t always allow autocomplete to work.  This means that if you want to see your credentials autopopulate into the fields on page load, you may have to use Greasemonkey instead. I have found that the Greasemonkey solution is the most complete at disabling autocomplete=off.  The reason this works is that Greasemonkey actually removes this autocomplete=off pieces from the page before Firefox renders it. The other plugins just tweak the browser to ignore the setting for password saving, but it still exists in the page source and, thus, the pieces that manage the autocomplete parts are left unhandled.  So, these pieces still don’t populate the fields.

%d bloggers like this: